The identity and authenticity of programs stored and running on a computer system is a fundamental security issue for users. Essentially, users want the programs with which they interact to perform as the programs are advertised. Users may encounter problems when they trust a specific program, while the program behaves in an unexpected way. In some situations, the program may have been deliberately altered, or a virus or other security issue may be present. More often than not, the program simply behaves differently than the user initially expected because it does not come from a trusted source, it has been altered at some point rendering it incompatible with other components, or it is ineffective for some other reasons.
Running on modern computers are thus a slew of security programs attempting to address this problem. Each of these applications addresses a set of security needs of the computer. They include anti-virus applications, firewalls, malware detection programs, signature checking mechanisms, etc. Some of these programs are offered as part of the operating system, some are integrated into Internet browsers, while others are purchased or even downloaded from third-party vendors.
However, these programs are not consistent mechanisms for establishing authentication of identities. They cannot be relied upon to comprehensively check all operations running in the operating system, even though any operation running in the system may introduce data objects that come from untrustworthy sources and damage the computer. These processes often fail to perform optimally in the operating system and slow down the overall system speed. The hodge-podge nature of these security programs makes it difficult or impossible to introduce a set of uniform security interface programming for software developers. Worse yet, some of these hodge-podge assortments of security assessment programs may have come from sources that have yet to be properly certified as trustworthy.
What is needed is consistent mechanism for establishing authentication of identities. Specifically, what is needed is a security assessment mechanism that is fully integrated with the operating system to offer consistent performance, comprehensive examination of operations taking place in the operating system, and uniform software development support.